Exam CS0-001 topic 1 question 42 discussion

Actual exam question from CompTIA's CS0-001
Question #: 42
Topic #: 1

A software assurance lab is performing a dynamic assessment on an application by automatically generating and inputting different, random data sets to attempt to cause an error/failure condition. Which of the following software assessment capabilities is the lab performing AND during which phase of the SDLC should this occur? (Choose two.)

  • A. Fuzzing
  • B. Behavior modeling
  • C. Static code analysis
  • D. Prototyping phase
  • E. Requirements phase
  • F. Planning phase
Suggested Answer: AD
Reference:
http://www.brighthub.com/computing/smb-security/articles/9956.aspx

Comments

slcc99
Highly Voted 5 years, 1 month ago
This question was in the exam :)
upvoted 8 times
...
holst
Highly Voted 5 years, 4 months ago
I don't think it could be static code analysis; that is when multiple programmers are looking over the code syntax and making sure everything is compliant, and they explicitly do not run/execute the code or program itself. If you only go by the exam objectives laid out in section 4.4 from CompTIA, then the answer should be fuzzing/security regression testing. Going by the question answer choices though, it should be fuzzing/prototyping phase. Prototyping phase is a legit part of the SDLC, but again CompTIA doesn't acknowledge it in the exam objectives so idk about this question. I would say A and D.
upvoted 7 times
...
Jeend
Most Recent 2 years, 4 months ago
Random data for Fuzzing
upvoted 1 times
...
Acrisius
4 years, 5 months ago
Fuzzing & Prototyping get my vote.
upvoted 1 times
...
Moawd
4 years, 9 months ago
This question was in the exam.
upvoted 3 times
...
XAmbivert
5 years ago
Fuzzing is one of the most common dynamic analysis techniques, meaning "static analysis" as an answer is incorrect.
upvoted 2 times
...
B1gK
5 years ago
The correct answers are fuzzing and prototyping phase. If you check beyondsecurity.com you realize fuzzing is performed during the development process. Development process is tantamount to the prototyping phase.
upvoted 2 times
B1gK
5 years ago
Fuzzing is a verification/testing tool, which is performed in the last stage before release/deployment. Reference: https://www.synopsys.com/glossary/what-is-sdlc.html
upvoted 1 times
...
...
KC
5 years, 3 months ago
Agree with holst. Can’t be static code analysis. The closest option seems to be fuzzing and prototyping.
upvoted 3 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other